From 7e9ee0339f6a65cbbad5be67fca991fccfcfa3e3 Mon Sep 17 00:00:00 2001 From: Stefano Bonicatti Date: Fri, 5 Jul 2024 10:13:02 +0200 Subject: [PATCH] ci: Update Linux Docker image To Ubuntu 20.04 Needed to support newer versions of NodeJS in the Github Actions. --- tools/ci/Makefile | 8 ++++---- ...erfile => osquery-ubuntu20.04-toolchain.dockerfile} | 10 +++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) rename tools/ci/{osquery-ubuntu18.04-toolchain.dockerfile => osquery-ubuntu20.04-toolchain.dockerfile} (87%) diff --git a/tools/ci/Makefile b/tools/ci/Makefile index b20a3593e10..b0874edd2e6 100644 --- a/tools/ci/Makefile +++ b/tools/ci/Makefile @@ -7,16 +7,16 @@ all: # instance. Thus, these targets are for building and pushing to the # remote, and building some test images locally. container: - docker buildx build --platform linux/amd64,linux/arm64 -f osquery-ubuntu18.04-toolchain.dockerfile . + docker buildx build --platform linux/amd64,linux/arm64 -f osquery-ubuntu20.04-toolchain.dockerfile . # push uses the cached builds from `container` push: TAG = $(shell git rev-parse --short HEAD) push: container - docker buildx build --platform linux/amd64,linux/arm64 --push -t osquery/builder18.04:$(TAG) -f osquery-ubuntu18.04-toolchain.dockerfile . + docker buildx build --platform linux/amd64,linux/arm64 --push -t osquery/builder20.04:$(TAG) -f osquery-ubuntu20.04-toolchain.dockerfile . # These targets use --load, which pushes to the local docker # install. Only a single platform is supported. arm: - docker buildx build --platform linux/arm64 --load -t osquerybuilder:$@ -f osquery-ubuntu18.04-toolchain.dockerfile . + docker buildx build --platform linux/arm64 --load -t osquerybuilder:$@ -f osquery-ubuntu20.04-toolchain.dockerfile . x86: - docker buildx build --platform linux/amd64 --load -t osquerybuilder:$@ -f osquery-ubuntu18.04-toolchain.dockerfile . + docker buildx build --platform linux/amd64 --load -t osquerybuilder:$@ -f osquery-ubuntu20.04-toolchain.dockerfile . diff --git a/tools/ci/osquery-ubuntu18.04-toolchain.dockerfile b/tools/ci/osquery-ubuntu20.04-toolchain.dockerfile similarity index 87% rename from tools/ci/osquery-ubuntu18.04-toolchain.dockerfile rename to tools/ci/osquery-ubuntu20.04-toolchain.dockerfile index 03fd034702a..a7e53564dbe 100644 --- a/tools/ci/osquery-ubuntu18.04-toolchain.dockerfile +++ b/tools/ci/osquery-ubuntu20.04-toolchain.dockerfile @@ -1,7 +1,7 @@ -FROM ubuntu:18.04 AS ubuntubase +FROM ubuntu:20.04 AS ubuntubase RUN apt update -q -y -RUN apt upgrade -q -y -RUN apt install -q -y --no-install-recommends \ +RUN DEBIAN_FRONTEND=noninteractive apt upgrade -q -y +RUN DEBIAN_FRONTEND=noninteractive apt install -q -y --no-install-recommends \ git \ make \ ccache \ @@ -64,6 +64,10 @@ RUN rm -rf /var/lib/apt/lists/* FROM base3 AS base4 COPY --from=cppcheck /root/cppcheck/install/usr/local/ /usr/local/ +# Add user for the Github Actions CI +RUN groupadd --gid 127 docker +RUN useradd runner --uid 1001 -G docker -s /bin/bash +RUN echo 'runner ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers # Squash all layers down using a giant COPY. It's kinda gross, but it # works. Though the layers are only adding about 50 megs on a 1gb